Business Continuity Compliance

Achieving Compliance with CompuVault Business Continuity

With such high customer expectations and demands, businesses today cannot afford to dedicate a significant amount of time ensuring the dependability and industry compliance of their data backup solutions. At CompuVault, we understand the importance of having your business files, applications, and systems securely backed up and constantly available. That’s why CompuVault makes achieving compliance as simple as possible with our all-in-one data backup, business continuity, and disaster recovery solution, built to provide you with the ultimate reliability, usability, and peace of mind.

We Make It Easy For You

Laws and regulations are rarely straightforward, but CompuVault alleviates much of your industry compliance burden by providing security measures that meet or exceed most standards. For example:

All data is encrypted – both in transit and while at rest – using AES-128 (Advanced Encryption Standard) with a unique encryption key that meets the government’s FIPS 140-2 standard for top-secret documents.

Data center access is strictly limited and enforced by the use of CCTV, biometric technology, and 24/7 personnel.

The original version of data and applications, once backed up, can only be accessed by authorized personnel whom you identify.

Trust In CompuVault

While other backup, business continuity, and disaster recovery solutions are cobbled together by multiple vendors – making them more time consuming to manage and more likely to corrupt your data – our entire solution has the greatest simplicity and most reliable performance.

CompuVault’s technology includes:

Data Backup and Restore: Your data is stored on an onsite appliance for fast backups and restores, and also securely replicated offsite. Reverse incremental backups mean the latest version of your backup is always on top and easy to find. Brick-level restores offer the option to recover specific files within your server when needed.

Business Continuity & Cloud Continuity: In the event of a server outage, you can run servers on the onsite appliance with a single click until the new hardware is ready. If your entire building or infrastructure is destroyed, you can quickly virtualize your servers and work off the secure CompuVault cloud.

Disaster Recovery: Your data is protected in the event of a fire, theft, sabotage, hardware failure, or natural disaster in our secure, offsite datacenter. Use our Cloud Continuity service to keep all of your data and applications available and up and running in the cloud. Then, use our Bare Metal Restore (BMR) capabilities to bring your continually backed up data back to your repaired or replaced servers. That means no downtime, no loss of productivity, and no financial loss due to downtime.
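To make the "latest version always on top" property of reverse incremental backups concrete, here is an added toy model (illustration only, not CompuVault's code): a backup is an in-memory dict of file path to bytes, the newest full copy is kept intact, and each older restore point is stored only as the reverse delta needed to step back from the copy after it. It also shows a brick-level restore of one file from a chosen restore point.

```python
"""Toy reverse-incremental backup chain (added example, hypothetical model)."""
from typing import Dict, List, Optional

Snapshot = Dict[str, bytes]
# A delta maps path -> older content, or None if the file did not exist
# at the older restore point (so stepping back must delete it).
Delta = Dict[str, Optional[bytes]]


class ReverseIncrementalChain:
    def __init__(self) -> None:
        self.latest: Optional[Snapshot] = None  # full copy, always "on top"
        # deltas[-1] steps back from `latest` to the previous restore point,
        # deltas[-2] steps back one further, and so on.
        self.deltas: List[Delta] = []

    def backup(self, files: Snapshot) -> None:
        new = dict(files)  # the new full copy becomes the top of the chain
        if self.latest is not None:
            delta: Delta = {}
            for path in set(self.latest) | set(new):
                if self.latest.get(path) != new.get(path):
                    delta[path] = self.latest.get(path)
            self.deltas.append(delta)
        self.latest = new

    def restore(self, steps_back: int = 0) -> Snapshot:
        """Rebuild the snapshot `steps_back` backups ago.

        steps_back=0 returns the latest copy with no chain-walking at all;
        older points are reached by applying reverse deltas newest-first.
        """
        if self.latest is None:
            raise ValueError("no backups yet")
        if steps_back > len(self.deltas):
            raise ValueError("not that many restore points")
        state = dict(self.latest)
        for delta in reversed(self.deltas[len(self.deltas) - steps_back:]):
            for path, content in delta.items():
                if content is None:
                    state.pop(path, None)  # file was added later; remove it
                else:
                    state[path] = content  # put the older content back
        return state

    def restore_file(self, path: str, steps_back: int = 0) -> Optional[bytes]:
        """Brick-level restore: recover a single file from a restore point."""
        return self.restore(steps_back).get(path)
```

Note that a failed or corrupted delta only affects the ability to reach older restore points; the latest full copy stays directly restorable.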

CompuVault Helps Businesses Become Industry Compliant

The following lists some of the specific regulations that CompuVault end-users must frequently comply with and how CompuVault helps end-users meet each of these compliance standards:

HIPAA:
The Health Insurance Portability and Accountability Act (HIPAA) covers a wide range of topics, including specific standards for securing the privacy of healthcare-related data. Two parts of HIPAA in particular require healthcare providers to maintain standards for data integrity, data access, and audit controls for Protected Health Information (PHI).

The HIPAA Privacy Rule: Under the law, organizations must securely and privately store PHI to guard against reasonably anticipated threats and hazards that could damage the data both in transit and during storage.

With CompuVault, healthcare providers can easily meet or exceed HIPAA requirements because the CompuVault solution encrypts data every step of the way and does not require or involve the use or disclosure of PHI.

Gramm-Leach-Bliley Act (GLBA):

With CompuVault, only authorized users have access to backed up data, and financial institutions have complete access control over their virtualized servers. In addition, all data is encrypted, whether in transit or at rest in a data center. CompuVault’s high standards for securing private information make it easy for users to comply with GLBA.

Payment Card Industry Data Security Standard (PCI DSS):

Any business that accepts credit card payments or stores, processes, and/or transmits cardholder data must comply with PCI DSS. CompuVault encrypts all of its customers’ data, whether the data is in transit or at rest in our secure SOC 2 Type 2 data center. That means the CompuVault solution helps businesses comply with the sections of PCI DSS that require stored cardholder data to be protected and cardholder data to be encrypted when transmitted across open, public networks.

Sarbanes-Oxley Act (SOX):

The SOX Act of 2002 is also known as the Corporate and Auditing Accountability and Responsibility Act and calls on businesses to meet 11 mandates in order to achieve compliance.

The most significant requirements for CompuVault users are Title I, sections 103 and 105; Title III, Section 302; Title IV, Section 404; and Title VIII, Section 802 of the act. Each mandate outlines business compliance for the retention, production, responsibility, and internal control of business and audit records. Failure to comply can result in fines of up to $5 million and/or 20 years in prison.

By providing backup, recovery, and business continuity services with the highest level of uptime and reliability, CompuVault makes it simple for companies to comply with SOX. And with CompuVault’s Cloud Continuity feature for instant virtualization of a business’s systems in the cloud, businesses can be assured that in the event of a natural disaster, their files will still be available from anywhere.

Red Flags Rule:

The Red Flags Rule, which is enforced by the Federal Trade Commission (FTC), came about as a way to protect consumers from identity theft. Based on sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003, the rule mandates that businesses create and implement a written Identity Theft Prevention Program to detect “red flags” in their everyday operations and identify ways to prevent security breaches. The rule applies to financial institutions and creditors, including (but not limited to) law firms, accounting firms, utility companies, medical practices, and hospitals. Failure to comply with the federal rule can result in a $3,500 fine per violation and/or a federal lawsuit filed by the U.S. Department of Justice on behalf of the FTC to compel compliance in the future.

There are four steps that businesses must follow to achieve compliance with the Red Flags Rule.

Identify “red flags” and possible situations where your data could be vulnerable to identity theft.

Incorporate business practices to detect red flags.

Have a detailed appropriate response to prevent identity theft once red flags are detected.

Keep your plan up to date to reflect changes in risks from identity theft.

For CompuVault users, step one will be the most critical to developing a plan. But with CompuVault, you can rest assured that your data is fully protected with government-standard data encryption, accessible only by authorized approved personnel, whether in transit or while in one of the CompuVault data centers.

Self-Regulatory Organizations

In addition to helping achieve compliance with government rules and laws, CompuVault also makes it easy for businesses in various industries to comply with self-regulatory organizations (SROs) that apply to their business. Most SROs adhere to state laws regarding records retention, but the financial industry sets its own rules and regulations by insisting that those operating in the brokerage industry maintain membership in one of the following two SROs.

FINRA and MSRB:

The Financial Industry Regulatory Authority (FINRA) and the Municipal Securities Rulemaking Board (MSRB) are private corporations that act as SROs. Brokerage firms and individual brokers must be members of one of these SROs, which:

Have regulatory authority over securities firms

Write rules for dealers and municipal advisers

Inform and educate the investing public

Ensure the market operates fairly and with integrity and transparency

In addition, FINRA oversees business between brokers, dealers, and the investing public; enforces rules and federal securities laws; monitors broker-dealers; and manages the largest arbitration forum between customer and member firms, as well as between brokerage firms and their employees.

CompuVault provides the security and retention standards users need to comply with MSRB record retention rules and FINRA rules 4511 to 4515. The MSRB requires businesses to keep records for various durations depending on the types of records retained. FINRA requires all records to be kept for six years. In both cases, you can set the CompuVault platform retention to make sure your records are protected and always available for any length of time, from anywhere, no matter what happens.

CompuVault’s Recovery-as-a-Service cloud eliminates data loss, keeps applications up and running, and makes sure that IT infrastructures never go down. CompuVault replaces legacy backup, business continuity, disaster recovery, and archiving products with a single integrated platform that mirrors an entire business in the cloud, making it simple to restore data, fail over applications, and virtualize servers or an entire office with a click. Businesses trust CompuVault to keep their applications running and employees productive.

The Disaster Recovery Journal and Forrester Research have recently published ‘The State of Business Continuity Preparedness’.